Resolved Errors when running cron when installing Let's Encrypt certificate

[Cordal]

I recently installed a Let's Encrypt certificate in my domain, using the corresponding extension in my Plesk 12.5, from that moment when the cron programmed run the following error:

HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.mydomail.es/myfunction [following]
converted 'https://www.mydomail.es/myfunction (ANSI_X3.4-1968) -> 'https://www.mydomail.es/myfunction' (UTF-8)
Spider mode enabled. Check if remote file exists.
--2017-03-01 10:16:53-- https://www.mydomail.es/myfunction
Connecting to www.infoclick.es (www.mydomain.es)|00.000.000.000|:443... connected.

ERROR: The certificate of 'www.mydomain.es' is not trusted.
ERROR: The certificate of 'www.mydomain.es' hasn't got a known issuer.

If I execute the url directly in the browser it runs without problems

 

[Bitpalast]

When you created the Let's Encrypt certificate did you check the "include www. subdomain" checkbox? Else the certificate is only valid for mydomain.es, but not for www.mydomain.es. I suggest to go back into the Let's Encrypt icon, check the box and have the cert reissued. Does it work as expected afterwards?

 

[Cordal]

Thanks for your answer, if the www box is checked, and https pages work without problems, but only from the browser, the error occurs when you run a url from cron.

 

[Bitpalast]

And how exactly do you "run a url from cron"? What command line are you executing?

 

[Cordal]

When I realize that since the certificate was installed the cron was not executed, I execute it directly from plesk Scheduled tasks-> run now button



And that's where the error is displayed

 

[Bitpalast]

I see. Well, when you are using wget or curl on the command line to retrieve TLS content, you must provide the proper ca-certificate chains on your operating system. Else these programs will throw an "untrusted" error.

The approach that you need to take depends on your operating system.
See a guide here for instance: http://stackoverflow.com/questions/...s-when-running-wget-on-an-https-url-in-cygwin
These instructions might not apply to your system, but you can sure find more info on it on Google for your specific OS.

As an alternative, you can try to ignore a certificate warning with the wget "-–no-check-certificate" parameter. In that case however, if the connection is compromised, you won't know, so you are basically neglecting transport security if you use that parameter. If you are requesting an address on your own infrastructure, e.g. your own host, this can be a valid, fast solution. When you download something from an external url it is better to fix the underlying issue with the missing root certificates as described above.

 

[Cordal]

Thank you very much for your assistance.
That solved the problem

 

[Sidney Disney]

I'm going to add info to this, since this was the first result I got in Google

If I run the wget from command line it works fine, but if I run it from cron then it gives that certificate error

ERROR: The certificate of 'www.mydomain' is not trusted.
ERROR: The certificate of 'www.mydomain' hasn't got a known issuer.

As per link;

Tried
# apt-get install ca-certificates
already installed

Tried
# ln -sT /usr/ssl /etc/ssl
file exists

The solution for me was to add this to the cron command, since I'm running my own local site, "wget --no-check-certificate "
This doesn't feel like a solution though... but it works in my situation.